AnsweredAssumed Answered

How to use High-Assurance Boot (HAB) with Serial Downloader on i.MX7D

Question asked by Mikko Elomaa on Oct 3, 2017
Latest reply on Oct 3, 2017 by igorpadykov

Does anyone have instructions to share for using High-Assurance Boot (HAB) with Serial Downloader?

I have created a signed U-boot image (2016.11+fslc sources), which works fine when loaded from NAND. There are no HAB events found when checking with hab_status in U-boot.
However, when I load the same image on the device with Serial Downloader (USB), the HAB events show that the signature is invalid. The BOOT_FROM parameter is set to nand as that is used in production and there is no separate option for serial downloader.

Any help or ideas?

I have tried this with a i.MX7 Sabre board with NAND modification and also with a custom board with i.MX7D. For each board I had a different set of keys.

 

Here is the first reported HAB event:

=> hab_status

Secure boot disabled

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
0xdb 0x00 0x1c 0x42 0x33 0x18 0xc0 0x00
0xca 0x00 0x14 0x00 0x02 0xc5 0x1d 0x00
0x00 0x00 0x16 0x3c 0x87 0x7f 0xf4 0x00
0x00 0x07 0x5c 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)

Outcomes